<!DOCTYPE html>
<html lang="en">
<head>
	<meta charset="UTF-8">
	<meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">
	<title>SAML authenticate API | ElasticSearch 7.7 权威指南中文版</title>
	<meta name="keywords" content="ElasticSearch 权威指南中文版, elasticsearch 7, es7, 实时数据分析，实时数据检索" />
    <meta name="description" content="ElasticSearch 权威指南中文版, elasticsearch 7, es7, 实时数据分析，实时数据检索" />
    <!-- Give IE8 a fighting chance -->
    <!--[if lt IE 9]>
    <script src="https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js"></script>
    <script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
    <![endif]-->
	<link rel="stylesheet" type="text/css" href="../static/styles.css" />
	<script>
	var _link = 'security-api-saml-authenticate.html';
    </script>
</head>
<body>
<div class="main-container">
    <section id="content">
        <div class="content-wrapper">
            <section id="guide" lang="zh_cn">
                <div class="container">
                    <div class="row">
                        <div class="col-xs-12 col-sm-8 col-md-8 guide-section">
                            <div style="color:gray; word-break: break-all; font-size:12px;">原英文版地址: <a href="https://www.elastic.co/guide/en/elasticsearch/reference/7.7/security-api-saml-authenticate.html" rel="nofollow" target="_blank">https://www.elastic.co/guide/en/elasticsearch/reference/7.7/security-api-saml-authenticate.html</a>, 原文档版权归 www.elastic.co 所有<br/>本地英文版地址: <a href="../en/security-api-saml-authenticate.html" rel="nofollow" target="_blank">../en/security-api-saml-authenticate.html</a></div>
                        <!-- start body -->
                  <div class="page_header">
<strong>重要</strong>: 此版本不会发布额外的bug修复或文档更新。最新信息请参考 <a href="https://www.elastic.co/guide/en/elasticsearch/reference/current/index.html" rel="nofollow">当前版本文档</a>。
</div>
<div id="content">
<div class="breadcrumbs">
<span class="breadcrumb-link"><a href="index.html">Elasticsearch Guide [7.7]</a></span>
»
<span class="breadcrumb-link"><a href="rest-apis.html">REST APIs</a></span>
»
<span class="breadcrumb-link"><a href="security-api.html">Security APIs</a></span>
»
<span class="breadcrumb-node">SAML authenticate API</span>
</div>
<div class="navheader">
<span class="prev">
<a href="security-api-saml-prepare-authentication.html">« SAML prepare authentication API</a>
</span>
<span class="next">
<a href="security-api-saml-logout.html">SAML logout API »</a>
</span>
</div>
<div class="section xpack">
<div class="titlepage"><div><div>
<h2 class="title">
<a id="security-api-saml-authenticate"></a>SAML authenticate API<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/x-pack/docs/en/rest-api/security/saml-authenticate-api.asciidoc">edit</a><a class="xpack_tag" href="https://www.elastic.co/subscriptions"></a>
</h2>
</div></div></div>
<p>Submits a SAML <code class="literal">Response</code> message to Elasticsearch for consumption.</p>
<div class="note admon">
<div class="icon"></div>
<div class="admon_content">
<p>This API is intended for use by custom web applications other than Kibana.
If you are using Kibana, see the <a class="xref" href="saml-guide.html" title="Configuring SAML single-sign-on on the Elastic Stack"><em>Configuring SAML single-sign-on on the Elastic Stack</em></a>.</p>
</div>
</div>
<div class="section">
<div class="titlepage"><div><div>
<h3 class="title">
<a id="security-api-saml-authenticate-request"></a>Request<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/x-pack/docs/en/rest-api/security/saml-authenticate-api.asciidoc">edit</a>
</h3>
</div></div></div>
<p><code class="literal">POST /_security/saml/authenticate</code></p>
</div>

<div class="section">
<div class="titlepage"><div><div>
<h3 class="title">
<a id="security-api-saml-authenticate-desc"></a>Description<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/x-pack/docs/en/rest-api/security/saml-authenticate-api.asciidoc">edit</a>
</h3>
</div></div></div>
<p>The SAML message that is submitted can be:</p>
<div class="ulist itemizedlist">
<ul class="itemizedlist">
<li class="listitem">
a response to a SAML authentication request that was previously created using the
<a class="xref" href="security-api-saml-prepare-authentication.html" title="SAML prepare authentication API">SAML prepare authentication API</a>.
</li>
<li class="listitem">
an unsolicited SAML message in the case of an IdP-initiated single sign-on (SSO) flow.
</li>
</ul>
</div>
<p>In either cases, the SAML message needs to be a base64 encoded XML document with a root
element of <code class="literal">&lt;Response&gt;</code></p>
<p>After successful validation, Elasticsearch responds with an
Elasticsearch internal access token and refresh token that can be subsequently used for authentication.
This API endpoint essentially exchanges SAML responses that
indicate successful authentication in the IdP for Elasticsearch access and refresh tokens,
which can be used for authentication against Elasticsearch.</p>
<p>Elasticsearch exposes all the necessary SAML related functionality via the SAML APIs.
These APIs are used internally by Kibana in order to provide SAML based
authentication, but can also be used by other, custom web applications or other
clients. See also
<a class="xref" href="security-api-saml-prepare-authentication.html" title="SAML prepare authentication API">SAML prepare authentication API</a>,
<a class="xref" href="security-api-saml-invalidate.html" title="SAML invalidate API">SAML invalidate API</a> and
<a class="xref" href="security-api-saml-logout.html" title="SAML logout API">SAML logout API</a>.</p>
</div>

<div class="section">
<div class="titlepage"><div><div>
<h3 class="title">
<a id="security-api-saml-authenticate-request-body"></a>Request body<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/x-pack/docs/en/rest-api/security/saml-authenticate-api.asciidoc">edit</a>
</h3>
</div></div></div>
<div class="variablelist">
<dl class="variablelist">
<dt>
<span class="term">
<code class="literal">content</code>
</span>
</dt>
<dd>
(Required, string) The SAML response as it was sent by the user’s browser, usually a
Base64 encoded XML document.
</dd>
<dt>
<span class="term">
<code class="literal">ids</code>
</span>
</dt>
<dd>
(Required, array) A json array with all the valid SAML Request Ids that the caller of
the API has for the current user.
</dd>
<dt>
<span class="term">
<code class="literal">realm</code>
</span>
</dt>
<dd>
(Optional, string) The name of the realm that should authenticate the SAML response.
Useful in cases where many SAML realms are defined.
</dd>
</dl>
</div>
</div>

<div class="section">
<div class="titlepage"><div><div>
<h3 class="title">
<a id="security-api-saml-authenticate-response-body"></a>Response body<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/x-pack/docs/en/rest-api/security/saml-authenticate-api.asciidoc">edit</a>
</h3>
</div></div></div>
<div class="variablelist">
<dl class="variablelist">
<dt>
<span class="term">
<code class="literal">access_token</code>
</span>
</dt>
<dd>
(string) The access token that was generated by Elasticsearch.
</dd>
<dt>
<span class="term">
<code class="literal">username</code>
</span>
</dt>
<dd>
(string) The authenticated user’s name.
</dd>
<dt>
<span class="term">
<code class="literal">expires_in</code>
</span>
</dt>
<dd>
(integer) The amount of time (in seconds) left until the token expires.
</dd>
<dt>
<span class="term">
<code class="literal">refresh_token</code>
</span>
</dt>
<dd>
(string) The refresh token that was generated by Elasticsearch.
</dd>
<dt>
<span class="term">
<code class="literal">realm</code>
</span>
</dt>
<dd>
(string) The name of the realm that the user was authenticated by.
</dd>
</dl>
</div>
</div>

<div class="section">
<div class="titlepage"><div><div>
<h3 class="title">
<a id="security-api-saml-authenticate-example"></a>Examples<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/x-pack/docs/en/rest-api/security/saml-authenticate-api.asciidoc">edit</a>
</h3>
</div></div></div>
<p>The following example exchanges a SAML Response indicating a successful
authentication at the SAML IdP for an Elasticsearch access token and refresh token to be
used in subsequent requests:</p>
<div class="pre_wrapper lang-console">
<pre class="programlisting prettyprint lang-console">POST /_security/saml/authenticate
{
  "content" : "PHNhbWxwOlJlc3BvbnNlIHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMD.....",
  "ids" : ["4fee3b046395c4e751011e97f8900b5273d56685"]
}</pre>
</div>
<div class="console_widget" data-snippet="snippets/2131.console"></div>
<p>The API returns the following response:</p>
<div class="pre_wrapper lang-js">
<pre class="programlisting prettyprint lang-js">{
  "access_token" : "46ToAxZVaXVVZTVKOVF5YU04ZFJVUDVSZlV3",
  "username" : "Bearer",
  "expires_in" : 1200,
  "refresh_token": "mJdXLtmvTUSpoLwMvdBt_w",
  "realm": "saml1"
}</pre>
</div>
</div>

</div>
<div class="navfooter">
<span class="prev">
<a href="security-api-saml-prepare-authentication.html">« SAML prepare authentication API</a>
</span>
<span class="next">
<a href="security-api-saml-logout.html">SAML logout API »</a>
</span>
</div>
</div>

                  <!-- end body -->
                        </div>
                        <div class="col-xs-12 col-sm-4 col-md-4" id="right_col">
                        
                        </div>
                    </div>
                </div>
            </section>
        </div>
    </section>
</div>
<script src="../static/cn.js"></script>
</body>
</html>